CLAIMS 

We claim: 

1. A method of delivering an application or service to a subscriber, said method comprising 
the steps of: 

(1) receiving a packet requesting delivery of said application or service from said 
subscriber at a communication device; 

(2) retrieving a subscriber context referencing policies that describe applications and 
services available to said subscriber; 

(3) comparing said application or service requested by said packet with policies 
referenced by said subscriber context to identify matching policies; 

(4) referencing a service policy accessible for describing said application or service 
when requested by other subscribers to obtain a description of said matching policies; and 

(5) delivering said requested application or service from a service provider to said 
subscriber via said communication device according to said description of said matching policies 
obtained from said service profile. 

2. The method of claim 1, wherein each application or service is described by a single set of 
polices in said service profile, and wherein each request for said application or service is fulfilled 
according to said single set of policies. 

3. A method of delivering applications or services via a communication device in 
communication with a service provider and a subscriber, said method comprising the steps of: 
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(1) receiving a packet at said communication device from said subscriber; 

(2) obtaining a subscriber context that references applications or services available to 
said subscriber by attempting to identify said subscriber, and authenticating said subscriber when 
said subscriber is not identified; 

upon identifying or authenticating said subscriber, performing the steps of: 

(3) comparing said subscriber context with said packet; and 

(4) delivering one or more applications or services requested by said packet that are 
also referenced by said subscriber context from said service provider through said 
communication device to said subscriber. 

4. The method of claim 3, wherein said step of obtaining a subscriber context further 
comprises comparing said packet with packet source information accessible by said 
communication device. 

5. The method of claim 3, wherein said step of authenticating further comprises the step of 
dynamically retrieving said subscriber context from an off-communication device data store. 

6. The method of claim 3, wherein said packet source information comprises identifiers for 
identifying an interface through which said packet was received. 

7. The method of claim 6, wherein said identifiers comprise at least one of: an IP address; a 
PPP session number; an ATM VCI or VPI; a physical interface number; or a VLAN tag. 

8. The method of claim 3, wherein said comparing comprises comparing packet fields of 
said packet and of said subscriber context. 
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9. The method of claim 8, wherein said packet fields comprise at least one of: a source or 
destination IP address; a source or destination TCP/UDP port number; VLAN tag; or ToS/DSCP. 

10. The method of claim 3, wherein services and applications are delivered according to 
inbound and outbound policies, and wherein a least restrictive policy is applied. 
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